Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-25567

Опубликовано: 14 фев. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 7.5

Описание

GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the av_pair is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main gss_accept_sec_context entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

1.2.0-1build4
esm-apps/bionic

released

0.7.0-4ubuntu0.18.04.1~esm1
esm-apps/focal

released

0.7.0-4ubuntu0.20.04.1~esm1
esm-apps/jammy

released

0.7.0-4ubuntu0.22.04.1~esm1
esm-apps/noble

not-affected

1.2.0-1build3
esm-apps/xenial

released

0.7.0-3~ubuntu0.16.04.1+esm1
focal

ignored

end of standard support, was needs-triage
jammy

needed

kinetic

ignored

end of life, was needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 22%
0.00069
Низкий

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-25567

CVSS3: 7.5
redhat
больше 2 лет назад

GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0.

nvd логотип

CVE-2023-25567

CVSS3: 7.5
nvd
больше 2 лет назад

GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0.

msrc логотип

CVE-2023-25567

CVSS3: 7.5
msrc
6 месяцев назад

Описание отсутствует

debian логотип

CVE-2023-25567

CVSS3: 7.5
debian
больше 2 лет назад

GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements ...

suse-cvrf логотип

openSUSE-SU-2023:0048-1

suse-cvrf
больше 2 лет назад

Security update for gssntlmssp

EPSS

Процентиль: 22%
0.00069
Низкий

7.5 High

CVSS3